marcel/familienarchiv
1
0
Fork 0
Code Issues 109 Pull Requests 2 Actions Packages Projects Releases Wiki Activity

security(deps): bump @sveltejs/kit + vite to clear 5 high CVEs #625

Merged
marcel merged 7 commits from feat/issue-458-security-dep-bump into main 2026-05-19 16:29:44 +02:00
Conversation 7 Commits 7 Files Changed 6 +10 -10
1 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit a0339a5526 - Show all commits

20
frontend/patches/@vitest+browser-playwright+4.1.0.patch → frontend/patches/@vitest+browser-playwright+4.1.6.patch
View File

@@ -1,30 +1,30 @@
diff --git a/node_modules/@vitest/browser-playwright/dist/index.js b/node_modules/@vitest/browser-playwright/dist/index.js diff --git a/node_modules/@vitest/browser-playwright/dist/index.js b/node_modules/@vitest/browser-playwright/dist/index.js
index 5d0d37b..821d7b4 100644 index c01e754..f1bb7be 100644
--- a/node_modules/@vitest/browser-playwright/dist/index.js --- a/node_modules/@vitest/browser-playwright/dist/index.js
+++ b/node_modules/@vitest/browser-playwright/dist/index.js +++ b/node_modules/@vitest/browser-playwright/dist/index.js
@@ -935,7 +935,7 @@ class PlaywrightBrowserProvider { @@ -936,7 +936,7 @@ class PlaywrightBrowserProvider {
createMocker() { createMocker() {
const idPreficates = new Map(); const idPredicates = new Map();
const sessionIds = new Map(); const sessionIds = new Map();
- function createPredicate(sessionId, url) { - function createPredicate(sessionId, url) {
+ function createPredicate(url) { + function createPredicate(url) {
const moduleUrl = new URL(url, "http://localhost"); const moduleUrl = new URL(url, "http://localhost");
const predicate = (url) => { const predicate = (url) => {
if (url.searchParams.has("_vitest_original")) { if (url.searchParams.has("_vitest_original")) {
@@ -960,11 +960,7 @@ class PlaywrightBrowserProvider { @@ -961,11 +961,7 @@ class PlaywrightBrowserProvider {
} }
return true; return true;
}; };
- const ids = sessionIds.get(sessionId) || []; - const ids = sessionIds.get(sessionId) || [];
- ids.push(moduleUrl.href); - ids.push(moduleUrl.href);
- sessionIds.set(sessionId, ids); - sessionIds.set(sessionId, ids);
- idPreficates.set(predicateKey(sessionId, moduleUrl.href), predicate); - idPredicates.set(predicateKey(sessionId, moduleUrl.href), predicate);
- return predicate; - return predicate;
+ return { url: moduleUrl.href, predicate }; + return { url: moduleUrl.href, predicate };
} }
function predicateKey(sessionId, url) { function predicateKey(sessionId, url) {
return `${sessionId}:${url}`; return `${sessionId}:${url}`;
@@ -972,7 +968,23 @@ class PlaywrightBrowserProvider { @@ -973,7 +969,23 @@ class PlaywrightBrowserProvider {
return { return {
register: async (sessionId, module) => { register: async (sessionId, module) => {
const page = this.getPage(sessionId); const page = this.getPage(sessionId);
@@ -37,19 +37,19 @@ index 5d0d37b..821d7b4 100644
+ // duplicate-id mocks (e.g. '$lib/foo.svelte' + '$lib/foo.svelte.js') + // duplicate-id mocks (e.g. '$lib/foo.svelte' + '$lib/foo.svelte.js')
+ // leak an orphan route whose handler crashes after the next + // leak an orphan route whose handler crashes after the next
+ // session's birpc channel closes. + // session's birpc channel closes.
+ const existingPredicate = idPreficates.get(key); + const existingPredicate = idPredicates.get(key);
+ if (existingPredicate) { + if (existingPredicate) {
+ await page.context().unroute(existingPredicate); + await page.context().unroute(existingPredicate);
+ } + }
+ const ids = sessionIds.get(sessionId) ?? new Set(); + const ids = sessionIds.get(sessionId) ?? new Set();
+ ids.add(moduleUrl); + ids.add(moduleUrl);
+ sessionIds.set(sessionId, ids); + sessionIds.set(sessionId, ids);
+ idPreficates.set(key, predicate); + idPredicates.set(key, predicate);
+ await page.context().route(predicate, async (route) => { + await page.context().route(predicate, async (route) => {
if (module.type === "manual") { if (module.type === "manual") {
const exports$1 = Object.keys(await module.resolve()); const exports$1 = Object.keys(await module.resolve());
const body = createManualModuleSource(module.url, exports$1); const body = createManualModuleSource(module.url, exports$1);
@@ -1033,8 +1045,8 @@ class PlaywrightBrowserProvider { @@ -1034,8 +1046,8 @@ class PlaywrightBrowserProvider {
}, },
clear: async (sessionId) => { clear: async (sessionId) => {
const page = this.getPage(sessionId); const page = this.getPage(sessionId);
@@ -58,5 +58,5 @@ index 5d0d37b..821d7b4 100644
+ const ids = sessionIds.get(sessionId) ?? new Set(); + const ids = sessionIds.get(sessionId) ?? new Set();
+ const promises = [...ids].map((id) => { + const promises = [...ids].map((id) => {
const key = predicateKey(sessionId, id); const key = predicateKey(sessionId, id);
const predicate = idPreficates.get(key); const predicate = idPredicates.get(key);
if (predicate) { if (predicate) {